feat: add Ansible post-provision verification templates and update documentation

josecelano · josecelano · commit ab15f0b27508 · 2025-08-27T16:06:17.000+01:00
- Add Ansible templates for post-provision verification:
  * ansible.cfg: Ansible configuration optimized for automation
  * inventory.ini.template: Dynamic inventory template with VM_IP placeholder
  * post-provision-verification.yml: Comprehensive verification playbook
  * verify-ssh.yml: SSH connectivity verification playbook
- Update README.md:
  * Add Ansible as system requirement with installation instructions
  * Update provision command description to include Ansible verification
  * Add Ansible to E2E test requirements
- Update project-words.txt with new terminology
- Manual testing confirmed: Ansible integration works correctly with VM at 192.168.122.163
diff --git a/README.md b/README.md
@@ -45,7 +45,7 @@ First, install system dependencies:
 
 ```bash
 # On Ubuntu/Debian:
-sudo apt install libssh2-1-dev
+sudo apt install libssh2-1-dev ansible
 ```
 
 Install cpanminus:
@@ -105,13 +105,26 @@ This command will:
 1. Copy OpenTofu configuration templates from `templates/provision/` directory
 2. Initialize OpenTofu if needed
 3. Create a minimal Ubuntu 22.04 LTS VM with hardcoded configuration
-4. Start the VM and make it ready for use
+4. Wait for cloud-init completion via SSH monitoring
+5. Verify SSH key authentication and system readiness
+6. Run post-provision verification using Ansible (experimental)
+7. Display final system summary
 
 #### Requirements
 
 Before using the provision command, ensure you have:
 
 - **OpenTofu** installed ([Download from opentofu.org](https://opentofu.org/docs/intro/install/))
+- **Ansible** installed for post-provision verification and configuration:
+
+  ```bash
+  # On Ubuntu/Debian:
+  sudo apt install ansible
+
+  # Verify installation:
+  ansible --version
+  ```
+
 - **libvirt/KVM** installed and running:
 
   ```bash
@@ -200,6 +213,7 @@ Run end-to-end tests that require local virtualization support:
 
 - Local machine with KVM/libvirt support
 - OpenTofu installed
+- Ansible installed
 - Required system tools: `qemu-system-x86_64`, `sshpass`
 - SSH development libraries: `libssh2-1-dev`
 - Cannot run in CI environments
diff --git a/project-words.txt b/project-words.txt
@@ -24,6 +24,7 @@ keyrings
 libssh
 libvirtd
 LOGLEVEL
+memtotal
 mkpath
 Mlocal
 netdev
@@ -50,6 +51,7 @@ tfstate
 Undefining
 usermod
 vcpu
+vcpus
 virsh
 virtio
 wmem
diff --git a/templates/ansible/ansible.cfg b/templates/ansible/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+# Basic Ansible configuration for Torrust deployment
+inventory = inventory.ini
+remote_user = torrust
+private_key_file = ~/.ssh/testing_rsa
+host_key_checking = False
+retry_files_enabled = False
+stdout_callback = yaml
+gathering = smart
+fact_caching = memory
+
+[ssh_connection]
+ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no
+pipelining = True
+control_path = /tmp/ansible-ssh-%%h-%%p-%%r
diff --git a/templates/ansible/inventory.ini.template b/templates/ansible/inventory.ini.template
@@ -0,0 +1,8 @@
+# Ansible inventory template for Torrust VM
+# VM_IP will be replaced with actual IP during provisioning
+
+[torrust_vm]
+{{VM_IP}} ansible_user=torrust ansible_ssh_private_key_file=~/.ssh/testing_rsa
+
+[torrust_vm:vars]
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
diff --git a/templates/ansible/post-provision-verification.yml b/templates/ansible/post-provision-verification.yml
@@ -0,0 +1,53 @@
+---
+# Post-provision verification playbook for Torrust VM
+# This playbook performs comprehensive verification of VM readiness after OpenTofu provisioning
+
+- name: Post-Provision Verification for Torrust VM
+  hosts: torrust_vm
+  gather_facts: yes
+  become: no
+
+  tasks:
+    - name: Test SSH connectivity with ping
+      ping:
+      register: ssh_test
+
+    - name: Display SSH connectivity result
+      debug:
+        msg: "✅ SSH key authentication successful to {{ inventory_hostname }}"
+      when: ssh_test is succeeded
+
+    - name: Verify Docker installation
+      command: docker --version
+      register: docker_version
+      changed_when: false
+      failed_when: false
+
+    - name: Display Docker status
+      debug:
+        msg: "Docker: {{ docker_version.stdout if docker_version.rc == 0 else 'Not available' }}"
+
+    - name: Check firewall status
+      command: sudo ufw status
+      register: ufw_status
+      changed_when: false
+      failed_when: false
+
+    - name: Display firewall status
+      debug:
+        msg: "Firewall: {{ ufw_status.stdout_lines[0] if ufw_status.rc == 0 else 'UFW not available' }}"
+
+    - name: Gather system facts
+      setup:
+      register: system_facts
+
+    - name: Display system summary
+      debug:
+        msg: |
+          📦 System Summary via Ansible:
+          - OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
+          - Hostname: {{ ansible_hostname }}
+          - IP: {{ ansible_default_ipv4.address }}
+          - Architecture: {{ ansible_architecture }}
+          - Memory: {{ ansible_memtotal_mb }}MB
+          - CPUs: {{ ansible_processor_vcpus }}
diff --git a/templates/ansible/verify-ssh.yml b/templates/ansible/verify-ssh.yml
@@ -0,0 +1,53 @@
+---
+# Post-provision verification playbook for Torrust VM
+# This playbook verifies SSH connectivity and system readiness after OpenTofu provisioning
+
+- name: Verify Torrust VM Post-Provision Setup
+  hosts: torrust_vm
+  gather_facts: yes
+  become: no
+
+  tasks:
+    - name: Test SSH connectivity with ping
+      ping:
+      register: ssh_test
+
+    - name: Display SSH connectivity result
+      debug:
+        msg: "✅ SSH key authentication successful to {{ inventory_hostname }}"
+      when: ssh_test is succeeded
+
+    - name: Verify Docker installation
+      command: docker --version
+      register: docker_version
+      changed_when: false
+      failed_when: false
+
+    - name: Display Docker status
+      debug:
+        msg: "Docker: {{ docker_version.stdout if docker_version.rc == 0 else 'Not available' }}"
+
+    - name: Check firewall status
+      command: sudo ufw status
+      register: ufw_status
+      changed_when: false
+      failed_when: false
+
+    - name: Display firewall status
+      debug:
+        msg: "Firewall: {{ ufw_status.stdout_lines[0] if ufw_status.rc == 0 else 'UFW not available' }}"
+
+    - name: Gather system facts
+      setup:
+      register: system_facts
+
+    - name: Display system summary
+      debug:
+        msg: |
+          📦 System Summary via Ansible:
+          - OS: {{ ansible_distribution }} {{ ansible_distribution_version }}
+          - Hostname: {{ ansible_hostname }}
+          - IP: {{ ansible_default_ipv4.address }}
+          - Architecture: {{ ansible_architecture }}
+          - Memory: {{ ansible_memtotal_mb }}MB
+          - CPUs: {{ ansible_processor_vcpus }}
